Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • This topic is locked This topic is locked
21 replies to this topic

#1 qzahk

qzahk

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 11 August 2012 - 02:50 PM

Hello. Once every couple of clicks on a link from a google search in Chrome, I get redirected to a website called click-get-answers-fast.com/etc. Most of the time, my McAfee SiteAdvisor plug-in stops it and warns me that it is a dangerous website, but it seems that there are forms of it that SiteAdvisor doesn't block. If it does get through SiteAdvisor and my browser goes to the website, I get redirected again to another website, usually with a list of "sponsored results" links. Strangely enough, I have also been redirected to endocrineweb.com, which appears to be a legitimate website.

A full scan with McAfee Antivirus Plus was not able to detect any problems.

Thanks in advance for the help.

--------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Jimmy at 18:52:29 on 2012-08-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3525 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\System32\TPHDEXLG64.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624215523.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce

"SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery"

UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{1BC01A56-9AD0-430A-8551-FF1CCD685C56} : DhcpNameServer = 128.146.1.9 128.146.48.6
TCP: Interfaces\{EA7C03C9-18F4-4A2E-B77F-B91F97A6981F} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{EA7C03C9-18F4-4A2E-B77F-B91F97A6981F}\16474777966696 : DhcpNameServer = 192.168.4.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{EA7C03C9-18F4-4A2E-B77F-B91F97A6981F}\D4F66756D294E6 : DhcpNameServer = 128.146.1.9 128.146.48.6
TCP: Interfaces\{EA7C03C9-18F4-4A2E-B77F-B91F97A6981F}\D69745F65736860243740284F6473707F647 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli EgisPLPwdFilter
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624215523.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce

"SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery"

UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\zcvi012k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\windows\system32\DRIVERS\ApsHM64.sys --> C:\windows\system32\DRIVERS\ApsHM64.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 EgisTecFF;EgisTecFF;C:\windows\system32\DRIVERS\EgisTecFF.sys --> C:\windows\system32\DRIVERS\EgisTecFF.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\system32\Drivers\FPSensor.sys --> C:\windows\system32\Drivers\FPSensor.sys [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-17 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-17 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-17 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-17 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-1-17 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-1-17 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-11

2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS

\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\system32\DRIVERS\rtsuvc.sys --> C:\windows\system32\DRIVERS\rtsuvc.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-11 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 VaneFltr;Lachesis Mouse Driver;C:\windows\system32\drivers\Lachesis.sys --> C:\windows\system32\drivers\Lachesis.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-28 14:42:49 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-28 14:41:46 772592 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-07-11 04:02:01 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 00:59:36 2004480 ----a-w- C:\windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-08-02 23:02:57 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 23:02:57 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:20 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 18:53:18.83 ===============

Attached Files


Edited by qzahk, 11 August 2012 - 02:58 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 12 August 2012 - 01:48 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 qzahk

qzahk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 14 August 2012 - 08:55 PM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 14 August 2012 - 09:22 PM

Let me have the combofix report when it is ready - thank you



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 qzahk

qzahk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 14 August 2012 - 09:37 PM

I noticed that "DownloadnSave" was deleted - it was an add-on for Firefox that was causing redirects before I disabled it. The Chrome google redirects are still occurring.



ComboFix 12-08-14.05 - Jimmy 08/14/2012 22:12:39.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4129 [GMT -4:00]
Running from: c:\users\Jimmy\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DownloadnSave
c:\programdata\DownloadnSave\background.html
c:\programdata\DownloadnSave\bhoclass.dll
c:\programdata\DownloadnSave\content.js
c:\programdata\DownloadnSave\fndgnnaifdejenlojiddpgemakkbiigg.crx
c:\programdata\DownloadnSave\settings.ini
c:\programdata\Roaming
c:\users\Jimmy\Documents\~WRL0313.tmp
c:\windows\s.bat
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 02:19 . 2012-08-15 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 01:30 . 2012-08-15 01:30 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-14 03:40 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-08-11 00:10 . 2012-08-11 00:10 -------- d-----w- c:\program files\iPod
2012-08-11 00:10 . 2012-08-11 00:11 -------- d-----w- c:\program files\iTunes
2012-08-11 00:10 . 2012-08-11 00:11 -------- d-----w- c:\program files (x86)\iTunes
2012-07-28 14:43 . 2012-07-28 14:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-28 14:42 . 2012-07-28 14:42 -------- d-----w- c:\program files (x86)\Oracle
2012-07-28 14:41 . 2012-07-28 14:41 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 01:30 . 2012-04-09 16:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 01:30 . 2011-09-13 22:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 02:06 . 2012-01-09 22:07 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:08 . 2012-07-11 04:02 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 00:59 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 00:59 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 00:59 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 00:59 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 00:59 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 00:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 00:59 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 15:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:45 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:45 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 04:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 04:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 04:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 04:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 04:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 04:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 04:00 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 04:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 04:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 04:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 04:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 04:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 04:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 04:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 04:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 04:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 04:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 04:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 04:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 00:59 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 00:59 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 00:59 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 00:59 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 00:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 00:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 00:59 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 00:59 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 00:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-11 39408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-13 3077528]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-02 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-17 30336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-11 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-11 39008]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-12-09 23648]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-11 13408]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys [2011-08-11 55880]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-10-31 35952]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-11 29792]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2010-12-15 8200552]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:30]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 12:30]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 12:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-03-01 1617920]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-11 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-11 5908928]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-11 114688]
"combofix"="c:\combofix\CF3281.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\zcvi012k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-14 22:28:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 02:28
.
Pre-Run: 480,717,824,000 bytes free
Post-Run: 482,831,060,992 bytes free
.
- - End Of File - - 9969BFAE004726CB43099856F2442D06

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 14 August 2012 - 10:18 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 qzahk

qzahk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 16 August 2012 - 03:22 PM

Hey Gringo,

No suspicious/infected file detected or reboot from TDSSKiller. aswMBR log coming in the next post.

16:20:55.0564 5724 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
16:20:56.0823 5724 ============================================================
16:20:56.0823 5724 Current date / time: 2012/08/16 16:20:56.0823
16:20:56.0823 5724 SystemInfo:
16:20:56.0823 5724
16:20:56.0824 5724 OS Version: 6.1.7601 ServicePack: 1.0
16:20:56.0824 5724 Product type: Workstation
16:20:56.0824 5724 ComputerName: JIMMY-PC
16:20:56.0824 5724 UserName: Jimmy
16:20:56.0824 5724 Windows directory: C:\windows
16:20:56.0824 5724 System windows directory: C:\windows
16:20:56.0824 5724 Running under WOW64
16:20:56.0824 5724 Processor architecture: Intel x64
16:20:56.0824 5724 Number of processors: 4
16:20:56.0824 5724 Page size: 0x1000
16:20:56.0824 5724 Boot type: Normal boot
16:20:56.0824 5724 ============================================================
16:20:57.0714 5724 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:20:57.0720 5724 ============================================================
16:20:57.0720 5724 \Device\Harddisk0\DR0:
16:20:57.0720 5724 MBR partitions:
16:20:57.0720 5724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:20:57.0720 5724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x45073000
16:20:57.0745 5724 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x450D8000, BlocksNum 0x39FD800
16:20:57.0745 5724 ============================================================
16:20:57.0776 5724 C: <-> \Device\Harddisk0\DR0\Partition2
16:20:57.0815 5724 D: <-> \Device\Harddisk0\DR0\Partition3
16:20:57.0815 5724 ============================================================
16:20:57.0816 5724 Initialize success
16:20:57.0816 5724 ============================================================
16:20:59.0229 7636 ============================================================
16:20:59.0230 7636 Scan started
16:20:59.0230 7636 Mode: Manual;
16:20:59.0230 7636 ============================================================
16:20:59.0506 7636 ================ Scan services =============================
16:20:59.0722 7636 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
16:20:59.0828 7636 1394ohci - ok
16:20:59.0861 7636 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\windows\system32\drivers\ACPI.sys
16:20:59.0902 7636 ACPI - ok
16:20:59.0931 7636 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
16:20:59.0965 7636 AcpiPmi - ok
16:21:00.0017 7636 [ 5bbff8b826ec38d32c26334e079c7efc ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
16:21:00.0109 7636 ACPIVPC - ok
16:21:00.0275 7636 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:21:00.0280 7636 AdobeFlashPlayerUpdateSvc - ok
16:21:00.0360 7636 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
16:21:00.0387 7636 adp94xx - ok
16:21:00.0438 7636 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\windows\system32\drivers\adpahci.sys
16:21:00.0461 7636 adpahci - ok
16:21:00.0487 7636 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
16:21:00.0504 7636 adpu320 - ok
16:21:00.0539 7636 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
16:21:00.0542 7636 AeLookupSvc - ok
16:21:00.0592 7636 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\windows\system32\drivers\afd.sys
16:21:00.0604 7636 AFD - ok
16:21:00.0637 7636 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\windows\system32\drivers\agp440.sys
16:21:00.0648 7636 agp440 - ok
16:21:00.0683 7636 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\windows\System32\alg.exe
16:21:00.0695 7636 ALG - ok
16:21:00.0729 7636 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\windows\system32\drivers\aliide.sys
16:21:00.0740 7636 aliide - ok
16:21:00.0762 7636 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\windows\system32\drivers\amdide.sys
16:21:00.0768 7636 amdide - ok
16:21:00.0806 7636 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
16:21:00.0816 7636 AmdK8 - ok
16:21:00.0837 7636 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
16:21:00.0847 7636 AmdPPM - ok
16:21:00.0889 7636 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\windows\system32\drivers\amdsata.sys
16:21:00.0994 7636 amdsata - ok
16:21:01.0060 7636 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\windows\system32\drivers\amdsbs.sys
16:21:01.0078 7636 amdsbs - ok
16:21:01.0101 7636 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
16:21:01.0212 7636 amdxata - ok
16:21:01.0248 7636 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\windows\system32\drivers\appid.sys
16:21:01.0324 7636 AppID - ok
16:21:01.0347 7636 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\windows\System32\appidsvc.dll
16:21:01.0352 7636 AppIDSvc - ok
16:21:01.0362 7636 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\windows\System32\appinfo.dll
16:21:01.0400 7636 Appinfo - ok
16:21:01.0494 7636 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:21:01.0611 7636 Apple Mobile Device - ok
16:21:01.0681 7636 [ c484f8ceb1717c540242531db7845c4e ] arc C:\windows\system32\drivers\arc.sys
16:21:01.0688 7636 arc - ok
16:21:01.0713 7636 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\windows\system32\drivers\arcsas.sys
16:21:01.0721 7636 arcsas - ok
16:21:01.0785 7636 aspnet_state - ok
16:21:01.0809 7636 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
16:21:01.0816 7636 AsyncMac - ok
16:21:01.0848 7636 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\windows\system32\drivers\atapi.sys
16:21:01.0852 7636 atapi - ok
16:21:01.0907 7636 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:21:01.0941 7636 AudioEndpointBuilder - ok
16:21:01.0950 7636 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\windows\System32\Audiosrv.dll
16:21:01.0953 7636 AudioSrv - ok
16:21:01.0985 7636 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\windows\System32\AxInstSV.dll
16:21:02.0013 7636 AxInstSV - ok
16:21:02.0074 7636 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
16:21:02.0098 7636 b06bdrv - ok
16:21:02.0140 7636 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
16:21:02.0155 7636 b57nd60a - ok
16:21:02.0218 7636 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\windows\System32\bdesvc.dll
16:21:02.0226 7636 BDESVC - ok
16:21:02.0248 7636 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\windows\system32\drivers\Beep.sys
16:21:02.0258 7636 Beep - ok
16:21:02.0316 7636 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\windows\System32\bfe.dll
16:21:02.0387 7636 BFE - ok
16:21:02.0433 7636 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\windows\system32\qmgr.dll
16:21:02.0445 7636 BITS - ok
16:21:02.0469 7636 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
16:21:02.0478 7636 blbdrive - ok
16:21:02.0543 7636 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:21:02.0634 7636 Bonjour Service - ok
16:21:02.0657 7636 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
16:21:02.0691 7636 bowser - ok
16:21:02.0723 7636 [ 3dcb409bcbd02ab0675682f8e42a410f ] bpenum C:\windows\system32\DRIVERS\bpenum.sys
16:21:02.0759 7636 bpenum - ok
16:21:02.0779 7636 [ 6c66eef6669b14df4f426990a1ca5112 ] bpmp C:\windows\system32\DRIVERS\bpmp.sys
16:21:02.0814 7636 bpmp - ok
16:21:02.0848 7636 [ aaa4f992f879977a000fe8b8c730cd2c ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
16:21:02.0882 7636 BPntDrv - ok
16:21:02.0897 7636 [ 2ee68405bbade51cbe1c973ff3a1a400 ] bpusb C:\windows\system32\Drivers\bpusb.sys
16:21:02.0931 7636 bpusb - ok
16:21:02.0962 7636 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
16:21:02.0967 7636 BrFiltLo - ok
16:21:02.0976 7636 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
16:21:02.0980 7636 BrFiltUp - ok
16:21:03.0032 7636 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
16:21:03.0043 7636 BridgeMP - ok
16:21:03.0075 7636 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\windows\System32\browser.dll
16:21:03.0077 7636 Browser - ok
16:21:03.0099 7636 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\windows\System32\Drivers\Brserid.sys
16:21:03.0111 7636 Brserid - ok
16:21:03.0147 7636 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
16:21:03.0155 7636 BrSerWdm - ok
16:21:03.0182 7636 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
16:21:03.0187 7636 BrUsbMdm - ok
16:21:03.0200 7636 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
16:21:03.0204 7636 BrUsbSer - ok
16:21:03.0245 7636 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
16:21:03.0250 7636 BthEnum - ok
16:21:03.0278 7636 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
16:21:03.0283 7636 BTHMODEM - ok
16:21:03.0303 7636 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
16:21:03.0309 7636 BthPan - ok
16:21:03.0350 7636 [ 64c198198501f7560ee41d8d1efa7952 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
16:21:03.0397 7636 BTHPORT - ok
16:21:03.0432 7636 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\windows\system32\bthserv.dll
16:21:03.0435 7636 bthserv - ok
16:21:03.0470 7636 [ f188b7394d81010767b6df3178519a37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
16:21:03.0557 7636 BTHUSB - ok
16:21:03.0584 7636 catchme - ok
16:21:03.0611 7636 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
16:21:03.0624 7636 cdfs - ok
16:21:03.0666 7636 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
16:21:03.0765 7636 cdrom - ok
16:21:03.0806 7636 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\windows\System32\certprop.dll
16:21:03.0839 7636 CertPropSvc - ok
16:21:03.0889 7636 [ 274ce03459896006f7a5069266e0469e ] cfwids C:\windows\system32\drivers\cfwids.sys
16:21:03.0924 7636 cfwids - ok
16:21:03.0956 7636 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\windows\system32\drivers\circlass.sys
16:21:03.0959 7636 circlass - ok
16:21:03.0995 7636 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\windows\system32\CLFS.sys
16:21:04.0005 7636 CLFS - ok
16:21:04.0041 7636 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:21:04.0047 7636 clr_optimization_v2.0.50727_32 - ok
16:21:04.0104 7636 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:21:04.0120 7636 clr_optimization_v2.0.50727_64 - ok
16:21:04.0183 7636 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:21:04.0264 7636 clr_optimization_v4.0.30319_32 - ok
16:21:04.0297 7636 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:21:04.0370 7636 clr_optimization_v4.0.30319_64 - ok
16:21:04.0412 7636 [ 50f92c943f18b070f166d019dfab3d9a ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
16:21:04.0483 7636 clwvd - ok
16:21:04.0513 7636 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
16:21:04.0520 7636 CmBatt - ok
16:21:04.0538 7636 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\windows\system32\drivers\cmdide.sys
16:21:04.0547 7636 cmdide - ok
16:21:04.0589 7636 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\windows\system32\Drivers\cng.sys
16:21:04.0664 7636 CNG - ok
16:21:04.0679 7636 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
16:21:04.0687 7636 Compbatt - ok
16:21:04.0718 7636 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
16:21:04.0794 7636 CompositeBus - ok
16:21:04.0807 7636 COMSysApp - ok
16:21:04.0830 7636 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
16:21:04.0833 7636 crcdisk - ok
16:21:04.0877 7636 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\windows\system32\cryptsvc.dll
16:21:04.0947 7636 CryptSvc - ok
16:21:05.0028 7636 [ 72794d112cbaff3bc0c29bf7350d4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:21:05.0037 7636 cvhsvc - ok
16:21:05.0093 7636 [ 7af9dac504fbd047cbc3e64ae52c92bf ] dc3d C:\windows\system32\DRIVERS\dc3d.sys
16:21:05.0159 7636 dc3d - ok
16:21:05.0200 7636 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\windows\system32\rpcss.dll
16:21:05.0205 7636 DcomLaunch - ok
16:21:05.0230 7636 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\windows\System32\defragsvc.dll
16:21:05.0246 7636 defragsvc - ok
16:21:05.0271 7636 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
16:21:05.0357 7636 DfsC - ok
16:21:05.0391 7636 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\windows\system32\dhcpcore.dll
16:21:05.0462 7636 Dhcp - ok
16:21:05.0482 7636 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\windows\system32\drivers\discache.sys
16:21:05.0484 7636 discache - ok
16:21:05.0505 7636 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\windows\system32\drivers\disk.sys
16:21:05.0514 7636 Disk - ok
16:21:05.0585 7636 [ ec9d64cc2dd8a4c6d11550f364890db1 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
16:21:05.0675 7636 DMAgent - ok
16:21:05.0699 7636 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\windows\System32\dnsrslvr.dll
16:21:05.0739 7636 Dnscache - ok
16:21:05.0761 7636 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\windows\System32\dot3svc.dll
16:21:05.0816 7636 dot3svc - ok
16:21:05.0837 7636 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\windows\system32\dps.dll
16:21:05.0877 7636 DPS - ok
16:21:05.0904 7636 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
16:21:05.0908 7636 drmkaud - ok
16:21:05.0942 7636 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
16:21:06.0020 7636 DXGKrnl - ok
16:21:06.0045 7636 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\windows\System32\eapsvc.dll
16:21:06.0055 7636 EapHost - ok
16:21:06.0163 7636 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\windows\system32\drivers\evbda.sys
16:21:06.0244 7636 ebdrv - ok
16:21:06.0264 7636 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\windows\System32\lsass.exe
16:21:06.0344 7636 EFS - ok
16:21:06.0395 7636 [ 0ac3baa7df250c76dd9bcfc51565cb5f ] EgisTec Service Help C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
16:21:06.0466 7636 EgisTec Service Help - ok
16:21:06.0491 7636 [ 33708c6d915f8de734cf3abb0731515b ] EgisTecFF C:\windows\system32\DRIVERS\EgisTecFF.sys
16:21:06.0527 7636 EgisTecFF - ok
16:21:06.0608 7636 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
16:21:06.0723 7636 ehRecvr - ok
16:21:06.0740 7636 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\windows\ehome\ehsched.exe
16:21:06.0747 7636 ehSched - ok
16:21:06.0790 7636 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
16:21:06.0810 7636 elxstor - ok
16:21:06.0818 7636 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\windows\system32\drivers\errdev.sys
16:21:06.0827 7636 ErrDev - ok
16:21:06.0897 7636 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\windows\system32\es.dll
16:21:06.0908 7636 EventSystem - ok
16:21:07.0023 7636 [ f8f610093e1d7fdfa477fc34d15d5c60 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:21:07.0103 7636 EvtEng - ok
16:21:07.0132 7636 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\windows\system32\drivers\exfat.sys
16:21:07.0143 7636 exfat - ok
16:21:07.0160 7636 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\windows\system32\drivers\fastfat.sys
16:21:07.0170 7636 fastfat - ok
16:21:07.0217 7636 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\windows\system32\fxssvc.exe
16:21:07.0298 7636 Fax - ok
16:21:07.0317 7636 [ 3191aca33088ee2481044fc0db736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
16:21:07.0373 7636 fbfmon - ok
16:21:07.0391 7636 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\windows\system32\drivers\fdc.sys
16:21:07.0394 7636 fdc - ok
16:21:07.0413 7636 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\windows\system32\fdPHost.dll
16:21:07.0416 7636 fdPHost - ok
16:21:07.0461 7636 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\windows\system32\fdrespub.dll
16:21:07.0469 7636 FDResPub - ok
16:21:07.0488 7636 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
16:21:07.0496 7636 FileInfo - ok
16:21:07.0519 7636 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
16:21:07.0531 7636 Filetrace - ok
16:21:07.0565 7636 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
16:21:07.0572 7636 flpydisk - ok
16:21:07.0606 7636 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
16:21:07.0685 7636 FltMgr - ok
16:21:07.0753 7636 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\windows\system32\FntCache.dll
16:21:07.0828 7636 FontCache - ok
16:21:07.0878 7636 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:21:07.0924 7636 FontCache3.0.0.0 - ok
16:21:07.0970 7636 [ 1899d0fb4c5ad0d6d0bfa258c54903f7 ] FPSensor C:\windows\system32\Drivers\FPSensor.sys
16:21:08.0070 7636 FPSensor - ok
16:21:08.0102 7636 [ d43703496149971890703b4b1b723eac ] FsDepends C:\windows\system32\drivers\FsDepends.sys
16:21:08.0111 7636 FsDepends - ok
16:21:08.0142 7636 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
16:21:08.0236 7636 Fs_Rec - ok
16:21:08.0258 7636 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
16:21:08.0261 7636 fvevol - ok
16:21:08.0281 7636 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
16:21:08.0285 7636 gagp30kx - ok
16:21:08.0323 7636 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:21:08.0388 7636 GEARAspiWDM - ok
16:21:08.0429 7636 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\windows\System32\gpsvc.dll
16:21:08.0508 7636 gpsvc - ok
16:21:08.0561 7636 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:21:08.0564 7636 gupdate - ok
16:21:08.0598 7636 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:21:08.0601 7636 gupdatem - ok
16:21:08.0635 7636 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:21:08.0638 7636 gusvc - ok
16:21:08.0661 7636 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
16:21:08.0666 7636 hcw85cir - ok
16:21:08.0697 7636 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:21:08.0776 7636 HdAudAddService - ok
16:21:08.0810 7636 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
16:21:08.0884 7636 HDAudBus - ok
16:21:08.0898 7636 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\windows\system32\drivers\HidBatt.sys
16:21:08.0901 7636 HidBatt - ok
16:21:08.0917 7636 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\windows\system32\drivers\hidbth.sys
16:21:08.0922 7636 HidBth - ok
16:21:08.0949 7636 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\windows\system32\drivers\hidir.sys
16:21:08.0953 7636 HidIr - ok
16:21:08.0980 7636 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\windows\System32\hidserv.dll
16:21:08.0987 7636 hidserv - ok
16:21:09.0015 7636 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
16:21:09.0088 7636 HidUsb - ok
16:21:09.0118 7636 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\windows\system32\kmsvc.dll
16:21:09.0153 7636 hkmsvc - ok
16:21:09.0171 7636 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:21:09.0213 7636 HomeGroupListener - ok
16:21:09.0241 7636 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:21:09.0282 7636 HomeGroupProvider - ok
16:21:09.0309 7636 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
16:21:09.0398 7636 HpSAMD - ok
16:21:09.0440 7636 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\windows\system32\drivers\HTTP.sys
16:21:09.0454 7636 HTTP - ok
16:21:09.0474 7636 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
16:21:09.0476 7636 hwpolicy - ok
16:21:09.0523 7636 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
16:21:09.0536 7636 i8042prt - ok
16:21:09.0591 7636 [ 53cc5bf8b5a219119953c7abb19a7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
16:21:09.0600 7636 iaStor - ok
16:21:09.0672 7636 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
16:21:09.0773 7636 iaStorV - ok
16:21:09.0832 7636 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:21:09.0892 7636 idsvc - ok
16:21:10.0259 7636 [ 795c99dc4f574c97c03d0bb39cf099ee ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
16:21:10.0517 7636 igfx - ok
16:21:10.0554 7636 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\windows\system32\drivers\iirsp.sys
16:21:10.0558 7636 iirsp - ok
16:21:10.0595 7636 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\windows\System32\ikeext.dll
16:21:10.0645 7636 IKEEXT - ok
16:21:10.0742 7636 [ 03076f51af9f78a272cccde03e9340ce ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
16:21:10.0816 7636 IntcAzAudAddService - ok
16:21:10.0861 7636 [ fc727061c0f47c8059e88e05d5c8e381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
16:21:10.0967 7636 IntcDAud - ok
16:21:10.0989 7636 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\windows\system32\drivers\intelide.sys
16:21:10.0992 7636 intelide - ok
16:21:11.0018 7636 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
16:21:11.0024 7636 intelppm - ok
16:21:11.0064 7636 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\windows\system32\ipbusenum.dll
16:21:11.0081 7636 IPBusEnum - ok
16:21:11.0114 7636 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
16:21:11.0205 7636 IpFilterDriver - ok
16:21:11.0244 7636 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
16:21:11.0256 7636 iphlpsvc - ok
16:21:11.0290 7636 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
16:21:11.0402 7636 IPMIDRV - ok
16:21:11.0421 7636 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
16:21:11.0436 7636 IPNAT - ok
16:21:11.0508 7636 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:21:11.0593 7636 iPod Service - ok
16:21:11.0633 7636 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\windows\system32\drivers\irenum.sys
16:21:11.0637 7636 IRENUM - ok
16:21:11.0655 7636 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\windows\system32\drivers\isapnp.sys
16:21:11.0663 7636 isapnp - ok
16:21:11.0685 7636 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
16:21:11.0737 7636 iScsiPrt - ok
16:21:11.0767 7636 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
16:21:11.0771 7636 kbdclass - ok
16:21:11.0798 7636 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
16:21:11.0850 7636 kbdhid - ok
16:21:11.0864 7636 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\windows\system32\lsass.exe
16:21:11.0866 7636 KeyIso - ok
16:21:11.0895 7636 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
16:21:11.0924 7636 KSecDD - ok
16:21:11.0935 7636 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
16:21:11.0973 7636 KSecPkg - ok
16:21:12.0013 7636 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
16:21:12.0035 7636 ksthunk - ok
16:21:12.0087 7636 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\windows\system32\msdtckrm.dll
16:21:12.0113 7636 KtmRm - ok
16:21:12.0191 7636 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\windows\System32\srvsvc.dll
16:21:12.0237 7636 LanmanServer - ok
16:21:12.0273 7636 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:21:12.0307 7636 LanmanWorkstation - ok
16:21:12.0331 7636 [ be166935083f9c38edfdc21b9a7a679b ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
16:21:12.0372 7636 LHDmgr - ok
16:21:12.0408 7636 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
16:21:12.0419 7636 lltdio - ok
16:21:12.0452 7636 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\windows\System32\lltdsvc.dll
16:21:12.0469 7636 lltdsvc - ok
16:21:12.0489 7636 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\windows\System32\lmhsvc.dll
16:21:12.0497 7636 lmhosts - ok
16:21:12.0576 7636 [ 2ed1786b7542cda261029f6b526edf44 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:21:12.0722 7636 LMS - ok
16:21:12.0749 7636 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
16:21:12.0757 7636 LSI_FC - ok
16:21:12.0804 7636 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
16:21:12.0811 7636 LSI_SAS - ok
16:21:12.0829 7636 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
16:21:12.0834 7636 LSI_SAS2 - ok
16:21:12.0848 7636 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
16:21:12.0856 7636 LSI_SCSI - ok
16:21:12.0886 7636 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\windows\system32\drivers\luafv.sys
16:21:12.0892 7636 luafv - ok
16:21:12.0987 7636 [ acb01bf1a905356ab7f978c7fe852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:21:12.0993 7636 McAfee SiteAdvisor Service - ok
16:21:13.0008 7636 [ acb01bf1a905356ab7f978c7fe852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:21:13.0012 7636 McMPFSvc - ok
16:21:13.0030 7636 [ acb01bf1a905356ab7f978c7fe852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:21:13.0034 7636 mcmscsvc - ok
16:21:13.0058 7636 [ acb01bf1a905356ab7f978c7fe852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:21:13.0064 7636 McNaiAnn - ok
16:21:13.0087 7636 [ acb01bf1a905356ab7f978c7fe852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:21:13.0092 7636 McNASvc - ok
16:21:13.0164 7636 [ dd2321925274f2902929d76ce2b0eb45 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
16:21:13.0246 7636 McODS - ok
16:21:13.0262 7636 [ acb01bf1a905356ab7f978c7fe852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:21:13.0264 7636 McProxy - ok
16:21:13.0325 7636 [ e998e3b12101288d716558466cbf6ae1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
16:21:13.0373 7636 McShield - ok
16:21:13.0409 7636 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
16:21:13.0451 7636 Mcx2Svc - ok
16:21:13.0466 7636 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\windows\system32\drivers\megasas.sys
16:21:13.0472 7636 megasas - ok
16:21:13.0516 7636 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
16:21:13.0525 7636 MegaSR - ok
16:21:13.0550 7636 [ a6518dcc42f7a6e999bb3bea8fd87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
16:21:13.0588 7636 MEIx64 - ok
16:21:13.0620 7636 [ 01884cb7655c8908b43ff5e364fe6fd2 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
16:21:13.0656 7636 mfeapfk - ok
16:21:13.0692 7636 [ dab9a9cdfb04e4d68924492aa043019d ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
16:21:13.0819 7636 mfeavfk - ok
16:21:13.0852 7636 mfeavfk01 - ok
16:21:13.0881 7636 [ b26782c3d6045b4464017d7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:21:13.0949 7636 mfefire - ok
16:21:13.0998 7636 [ ce9a3680675c0907ade16404ca967b49 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
16:21:14.0093 7636 mfefirek - ok
16:21:14.0127 7636 [ 60cf67458dd29cd17e77f2327b1a9a54 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
16:21:14.0172 7636 mfehidk - ok
16:21:14.0193 7636 [ a8129cfb919347f8533c934b365e9202 ] mfenlfk C:\windows\system32\DRIVERS\mfenlfk.sys
16:21:14.0229 7636 mfenlfk - ok
16:21:14.0279 7636 [ 5041fa2bd2b3a2693b015771bfbf6dca ] mferkdet C:\windows\system32\drivers\mferkdet.sys
16:21:14.0360 7636 mferkdet - ok
16:21:14.0409 7636 [ 723a5eb6cef7f408c3d0f15a82a6bff8 ] mfevtp C:\windows\system32\mfevtps.exe
16:21:14.0482 7636 mfevtp - ok
16:21:14.0502 7636 [ 919c56db14a0e1e2ab6da5d2821dc26e ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
16:21:14.0544 7636 mfewfpk - ok
16:21:14.0564 7636 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\windows\system32\mmcss.dll
16:21:14.0567 7636 MMCSS - ok
16:21:14.0585 7636 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\windows\system32\drivers\modem.sys
16:21:14.0588 7636 Modem - ok
16:21:14.0608 7636 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\windows\system32\DRIVERS\monitor.sys
16:21:14.0612 7636 monitor - ok
16:21:14.0625 7636 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
16:21:14.0630 7636 mouclass - ok
16:21:14.0647 7636 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
16:21:14.0651 7636 mouhid - ok
16:21:14.0662 7636 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\windows\system32\drivers\mountmgr.sys
16:21:14.0664 7636 mountmgr - ok
16:21:14.0725 7636 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:21:14.0817 7636 MozillaMaintenance - ok
16:21:14.0859 7636 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\windows\system32\drivers\mpio.sys
16:21:14.0935 7636 mpio - ok
16:21:14.0947 7636 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
16:21:14.0952 7636 mpsdrv - ok
16:21:14.0995 7636 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\windows\system32\mpssvc.dll
16:21:15.0055 7636 MpsSvc - ok
16:21:15.0074 7636 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
16:21:15.0115 7636 MRxDAV - ok
16:21:15.0143 7636 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
16:21:15.0179 7636 mrxsmb - ok
16:21:15.0198 7636 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
16:21:15.0236 7636 mrxsmb10 - ok
16:21:15.0255 7636 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
16:21:15.0291 7636 mrxsmb20 - ok
16:21:15.0315 7636 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\windows\system32\drivers\msahci.sys
16:21:15.0354 7636 msahci - ok
16:21:15.0372 7636 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\windows\system32\drivers\msdsm.sys
16:21:15.0416 7636 msdsm - ok
16:21:15.0425 7636 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\windows\System32\msdtc.exe
16:21:15.0431 7636 MSDTC - ok
16:21:15.0462 7636 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\windows\system32\drivers\Msfs.sys
16:21:15.0465 7636 Msfs - ok
16:21:15.0494 7636 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
16:21:15.0501 7636 mshidkmdf - ok
16:21:15.0509 7636 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\windows\system32\drivers\msisadrv.sys
16:21:15.0513 7636 msisadrv - ok
16:21:15.0539 7636 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
16:21:15.0548 7636 MSiSCSI - ok
16:21:15.0554 7636 msiserver - ok
16:21:15.0570 7636 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:21:15.0576 7636 MSKSSRV - ok
16:21:15.0624 7636 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:21:15.0630 7636 MSPCLOCK - ok
16:21:15.0646 7636 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:21:15.0649 7636 MSPQM - ok
16:21:15.0667 7636 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:21:15.0712 7636 MsRPC - ok
16:21:15.0725 7636 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
16:21:15.0731 7636 mssmbios - ok
16:21:15.0747 7636 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:21:15.0752 7636 MSTEE - ok
16:21:15.0755 7636 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\windows\system32\drivers\MTConfig.sys
16:21:15.0760 7636 MTConfig - ok
16:21:15.0800 7636 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\windows\system32\Drivers\mup.sys
16:21:15.0813 7636 Mup - ok
16:21:15.0856 7636 [ f6ea50dbc391f04ca49427010657ccb3 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:21:15.0935 7636 MyWiFiDHCPDNS - ok
16:21:15.0972 7636 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\windows\system32\qagentRT.dll
16:21:15.0978 7636 napagent - ok
16:21:16.0010 7636 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:21:16.0020 7636 NativeWifiP - ok
16:21:16.0045 7636 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\windows\system32\drivers\ndis.sys
16:21:16.0052 7636 NDIS - ok
16:21:16.0061 7636 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:21:16.0068 7636 NdisCap - ok
16:21:16.0086 7636 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:21:16.0091 7636 NdisTapi - ok
16:21:16.0119 7636 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:21:16.0196 7636 Ndisuio - ok
16:21:16.0223 7636 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:21:16.0283 7636 NdisWan - ok
16:21:16.0302 7636 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:21:16.0336 7636 NDProxy - ok
16:21:16.0378 7636 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:21:16.0448 7636 Net Driver HPZ12 - ok
16:21:16.0483 7636 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:21:16.0493 7636 NetBIOS - ok
16:21:16.0519 7636 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:21:16.0526 7636 NetBT - ok
16:21:16.0543 7636 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\windows\system32\lsass.exe
16:21:16.0548 7636 Netlogon - ok
16:21:16.0590 7636 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\windows\System32\netman.dll
16:21:16.0612 7636 Netman - ok
16:21:16.0648 7636 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\windows\System32\netprofm.dll
16:21:16.0661 7636 netprofm - ok
16:21:16.0687 7636 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:21:16.0699 7636 NetTcpPortSharing - ok
16:21:16.0980 7636 [ 30933bb56fb611d0252bad488adfb533 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
16:21:17.0317 7636 NETwNs64 - ok
16:21:17.0342 7636 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
16:21:17.0347 7636 nfrd960 - ok
16:21:17.0400 7636 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
16:21:17.0406 7636 NlaSvc - ok
16:21:17.0425 7636 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\windows\system32\drivers\Npfs.sys
16:21:17.0429 7636 Npfs - ok
16:21:17.0439 7636 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\windows\system32\nsisvc.dll
16:21:17.0445 7636 nsi - ok
16:21:17.0466 7636 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:21:17.0468 7636 nsiproxy - ok
16:21:17.0539 7636 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:21:17.0639 7636 Ntfs - ok
16:21:17.0676 7636 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\windows\system32\drivers\Null.sys
16:21:17.0685 7636 Null - ok
16:21:17.0700 7636 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\windows\system32\drivers\nvraid.sys
16:21:17.0802 7636 nvraid - ok
16:21:17.0822 7636 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\windows\system32\drivers\nvstor.sys
16:21:17.0867 7636 nvstor - ok
16:21:17.0887 7636 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
16:21:17.0892 7636 nv_agp - ok
16:21:17.0918 7636 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
16:21:17.0923 7636 ohci1394 - ok
16:21:17.0947 7636 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:21:17.0990 7636 ose - ok
16:21:18.0143 7636 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:21:18.0330 7636 osppsvc - ok
16:21:18.0371 7636 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:21:18.0377 7636 p2pimsvc - ok
16:21:18.0406 7636 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\windows\system32\p2psvc.dll
16:21:18.0426 7636 p2psvc - ok
16:21:18.0452 7636 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\windows\system32\drivers\parport.sys
16:21:18.0461 7636 Parport - ok
16:21:18.0479 7636 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\windows\system32\drivers\partmgr.sys
16:21:18.0543 7636 partmgr - ok
16:21:18.0563 7636 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
16:21:18.0571 7636 PcaSvc - ok
16:21:18.0590 7636 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\windows\system32\drivers\pci.sys
16:21:18.0635 7636 pci - ok
16:21:18.0645 7636 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\windows\system32\drivers\pciide.sys
16:21:18.0650 7636 pciide - ok
16:21:18.0685 7636 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\windows\system32\drivers\pcmcia.sys
16:21:18.0697 7636 pcmcia - ok
16:21:18.0713 7636 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\windows\system32\drivers\pcw.sys
16:21:18.0721 7636 pcw - ok
16:21:18.0779 7636 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:21:18.0805 7636 PEAUTH - ok
16:21:18.0901 7636 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\windows\SysWow64\perfhost.exe
16:21:18.0909 7636 PerfHost - ok
16:21:18.0998 7636 [ 99f2dabc45056bac7d714c04296b1cc3 ] Pharos Systems ComTaskMaster C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
16:21:19.0158 7636 Pharos Systems ComTaskMaster - ok
16:21:19.0218 7636 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\windows\system32\pla.dll
16:21:19.0279 7636 pla - ok
16:21:19.0320 7636 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:21:19.0377 7636 PlugPlay - ok
16:21:19.0393 7636 [ ac78df349f0e4cfb8b667c0cfff83cce ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:21:19.0444 7636 Pml Driver HPZ12 - ok
16:21:19.0474 7636 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:21:19.0483 7636 PNRPAutoReg - ok
16:21:19.0504 7636 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:21:19.0511 7636 PNRPsvc - ok
16:21:19.0556 7636 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:21:19.0648 7636 PolicyAgent - ok
16:21:19.0668 7636 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\windows\system32\umpo.dll
16:21:19.0675 7636 Power - ok
16:21:19.0711 7636 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:21:19.0776 7636 PptpMiniport - ok
16:21:19.0789 7636 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\windows\system32\drivers\processr.sys
16:21:19.0794 7636 Processor - ok
16:21:19.0824 7636 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\windows\system32\profsvc.dll
16:21:19.0877 7636 ProfSvc - ok
16:21:19.0887 7636 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:21:19.0889 7636 ProtectedStorage - ok
16:21:19.0921 7636 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:21:19.0923 7636 Psched - ok
16:21:19.0962 7636 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
16:21:19.0982 7636 ql2300 - ok
16:21:20.0005 7636 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
16:21:20.0009 7636 ql40xx - ok
16:21:20.0036 7636 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\windows\system32\qwave.dll
16:21:20.0055 7636 QWAVE - ok
16:21:20.0072 7636 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:21:20.0079 7636 QWAVEdrv - ok
16:21:20.0097 7636 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:21:20.0102 7636 RasAcd - ok
16:21:20.0139 7636 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:21:20.0144 7636 RasAgileVpn - ok
16:21:20.0169 7636 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\windows\System32\rasauto.dll
16:21:20.0180 7636 RasAuto - ok
16:21:20.0189 7636 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:21:20.0245 7636 Rasl2tp - ok
16:21:20.0271 7636 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\windows\System32\rasmans.dll
16:21:20.0302 7636 RasMan - ok
16:21:20.0330 7636 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:21:20.0335 7636 RasPppoe - ok
16:21:20.0347 7636 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:21:20.0350 7636 RasSstp - ok
16:21:20.0381 7636 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:21:20.0430 7636 rdbss - ok
16:21:20.0445 7636 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\windows\system32\drivers\rdpbus.sys
16:21:20.0449 7636 rdpbus - ok
16:21:20.0465 7636 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:21:20.0466 7636 RDPCDD - ok
16:21:20.0490 7636 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:21:20.0491 7636 RDPENCDD - ok
16:21:20.0509 7636 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:21:20.0510 7636 RDPREFMP - ok
16:21:20.0539 7636 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:21:20.0600 7636 RDPWD - ok
16:21:20.0622 7636 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:21:20.0660 7636 rdyboost - ok
16:21:20.0747 7636 [ 9276f4d4109fc349925d28e00e533146 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:21:20.0751 7636 RegSrvc - ok
16:21:20.0785 7636 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\windows\System32\mprdim.dll
16:21:20.0790 7636 RemoteAccess - ok
16:21:20.0844 7636 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:21:20.0849 7636 RemoteRegistry - ok
16:21:20.0942 7636 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
16:21:20.0958 7636 RFCOMM - ok
16:21:21.0005 7636 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:21:21.0012 7636 RpcEptMapper - ok
16:21:21.0039 7636 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\windows\system32\locator.exe
16:21:21.0044 7636 RpcLocator - ok
16:21:21.0078 7636 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\windows\system32\rpcss.dll
16:21:21.0083 7636 RpcSs - ok
16:21:21.0107 7636 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:21:21.0111 7636 rspndr - ok
16:21:21.0147 7636 [ e54a5586a28d0630a79a68bbab84bfcf ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
16:21:21.0219 7636 RSUSBVSTOR - ok
16:21:21.0248 7636 [ 20a466b9ea2bd828c0ec723f99b8cfe7 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
16:21:21.0368 7636 RTL8167 - ok
16:21:21.0633 7636 [ 8ac69f3c7a8a8bd94ea26a08ae5d1839 ] rtsuvc C:\windows\system32\DRIVERS\rtsuvc.sys
16:21:21.0902 7636 rtsuvc - ok
16:21:21.0921 7636 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\windows\system32\lsass.exe
16:21:21.0923 7636 SamSs - ok
16:21:21.0948 7636 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\windows\system32\drivers\sbp2port.sys
16:21:21.0989 7636 sbp2port - ok
16:21:22.0013 7636 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\windows\System32\SCardSvr.dll
16:21:22.0019 7636 SCardSvr - ok
16:21:22.0030 7636 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:21:22.0068 7636 scfilter - ok
16:21:22.0097 7636 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\windows\system32\schedsvc.dll
16:21:22.0137 7636 Schedule - ok
16:21:22.0162 7636 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\windows\System32\certprop.dll
16:21:22.0163 7636 SCPolicySvc - ok
16:21:22.0191 7636 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:21:22.0260 7636 SDRSVC - ok
16:21:22.0310 7636 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:21:22.0315 7636 secdrv - ok
16:21:22.0332 7636 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\windows\system32\seclogon.dll
16:21:22.0380 7636 seclogon - ok
16:21:22.0394 7636 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\windows\system32\sens.dll
16:21:22.0396 7636 SENS - ok
16:21:22.0430 7636 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\windows\system32\sensrsvc.dll
16:21:22.0439 7636 SensrSvc - ok
16:21:22.0461 7636 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\windows\system32\drivers\serenum.sys
16:21:22.0469 7636 Serenum - ok
16:21:22.0502 7636 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\windows\system32\drivers\serial.sys
16:21:22.0510 7636 Serial - ok
16:21:22.0544 7636 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\windows\system32\drivers\sermouse.sys
16:21:22.0552 7636 sermouse - ok
16:21:22.0597 7636 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\windows\system32\sessenv.dll
16:21:22.0669 7636 SessionEnv - ok
16:21:22.0681 7636 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\windows\system32\drivers\sffdisk.sys
16:21:22.0686 7636 sffdisk - ok
16:21:22.0698 7636 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
16:21:22.0704 7636 sffp_mmc - ok
16:21:22.0722 7636 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
16:21:22.0771 7636 sffp_sd - ok
16:21:22.0801 7636 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
16:21:22.0804 7636 sfloppy - ok
16:21:22.0853 7636 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
16:21:22.0921 7636 Sftfs - ok
16:21:22.0961 7636 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:21:23.0061 7636 sftlist - ok
16:21:23.0086 7636 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
16:21:23.0125 7636 Sftplay - ok
16:21:23.0167 7636 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
16:21:23.0202 7636 Sftredir - ok
16:21:23.0237 7636 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
16:21:23.0321 7636 Sftvol - ok
16:21:23.0351 7636 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:21:23.0431 7636 sftvsa - ok
16:21:23.0466 7636 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\windows\System32\ipnathlp.dll
16:21:23.0476 7636 SharedAccess - ok
16:21:23.0511 7636 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:21:23.0586 7636 ShellHWDetection - ok
16:21:23.0633 7636 [ c10d453b07e3e7e00e5103bba9bad524 ] Shockprf C:\windows\system32\DRIVERS\Apsx64.sys
16:21:23.0746 7636 Shockprf - ok
16:21:23.0775 7636 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
16:21:23.0786 7636 SiSRaid2 - ok
16:21:23.0805 7636 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
16:21:23.0818 7636 SiSRaid4 - ok
16:21:23.0844 7636 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\windows\system32\DRIVERS\smb.sys
16:21:23.0860 7636 Smb - ok
16:21:23.0922 7636 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:21:23.0933 7636 SNMPTRAP - ok
16:21:23.0968 7636 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\windows\system32\drivers\spldr.sys
16:21:23.0978 7636 spldr - ok
16:21:24.0009 7636 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\windows\System32\spoolsv.exe
16:21:24.0106 7636 Spooler - ok
16:21:24.0210 7636 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\windows\system32\sppsvc.exe
16:21:24.0269 7636 sppsvc - ok
16:21:24.0286 7636 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:21:24.0300 7636 sppuinotify - ok
16:21:24.0330 7636 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\windows\system32\DRIVERS\srv.sys
16:21:24.0405 7636 srv - ok
16:21:24.0422 7636 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:21:24.0474 7636 srv2 - ok
16:21:24.0488 7636 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:21:24.0524 7636 srvnet - ok
16:21:24.0564 7636 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:21:24.0582 7636 SSDPSRV - ok
16:21:24.0600 7636 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\windows\system32\sstpsvc.dll
16:21:24.0610 7636 SstpSvc - ok
16:21:24.0641 7636 Steam Client Service - ok
16:21:24.0681 7636 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\windows\system32\drivers\stexstor.sys
16:21:24.0687 7636 stexstor - ok
16:21:24.0737 7636 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\windows\System32\wiaservc.dll
16:21:24.0843 7636 stisvc - ok
16:21:24.0865 7636 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
16:21:24.0876 7636 swenum - ok
16:21:24.0912 7636 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\windows\System32\swprv.dll
16:21:24.0946 7636 swprv - ok
16:21:25.0020 7636 [ 08425cd92972c6430f350a9697f4a553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
16:21:25.0127 7636 SynTP - ok
16:21:25.0208 7636 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\windows\system32\sysmain.dll
16:21:25.0287 7636 SysMain - ok
16:21:25.0303 7636 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:21:25.0364 7636 TabletInputService - ok
16:21:25.0384 7636 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\windows\System32\tapisrv.dll
16:21:25.0420 7636 TapiSrv - ok
16:21:25.0444 7636 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\windows\System32\tbssvc.dll
16:21:25.0447 7636 TBS - ok
16:21:25.0540 7636 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:21:25.0627 7636 Tcpip - ok
16:21:25.0667 7636 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:21:25.0684 7636 TCPIP6 - ok
16:21:25.0709 7636 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:21:25.0775 7636 tcpipreg - ok
16:21:25.0795 7636 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:21:25.0802 7636 TDPIPE - ok
16:21:25.0833 7636 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:21:25.0902 7636 TDTCP - ok
16:21:25.0922 7636 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:21:25.0961 7636 tdx - ok
16:21:25.0979 7636 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
16:21:26.0007 7636 TermDD - ok
16:21:26.0035 7636 [ 2e648163254233755035b46dd7b89123 ] TermService C:\windows\System32\termsrv.dll
16:21:26.0072 7636 TermService - ok
16:21:26.0090 7636 [ f0344071948d1a1fa732231785a0664c ] Themes C:\windows\system32\themeservice.dll
16:21:26.0096 7636 Themes - ok
16:21:26.0120 7636 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\windows\system32\mmcss.dll
16:21:26.0122 7636 THREADORDER - ok
16:21:26.0129 7636 [ 74868c001c7214fbd88b1a57ebb04811 ] TPDIGIMN C:\windows\system32\DRIVERS\ApsHM64.sys
16:21:26.0164 7636 TPDIGIMN - ok
16:21:26.0187 7636 [ 130e6b36a8eee48aa4f0ac404236836b ] TPHDEXLGSVC C:\windows\system32\TPHDEXLG64.exe
16:21:26.0223 7636 TPHDEXLGSVC - ok
16:21:26.0251 7636 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\windows\System32\trkwks.dll
16:21:26.0257 7636 TrkWks - ok
16:21:26.0310 7636 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:21:26.0315 7636 TrustedInstaller - ok
16:21:26.0339 7636 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:21:26.0440 7636 tssecsrv - ok
16:21:26.0481 7636 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
16:21:26.0566 7636 TsUsbFlt - ok
16:21:26.0589 7636 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
16:21:26.0651 7636 TsUsbGD - ok
16:21:26.0688 7636 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:21:26.0692 7636 tunnel - ok
16:21:26.0701 7636 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
16:21:26.0714 7636 uagp35 - ok
16:21:26.0782 7636 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:21:26.0915 7636 udfs - ok
16:21:26.0948 7636 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:21:26.0953 7636 UI0Detect - ok
16:21:26.0995 7636 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
16:21:27.0005 7636 uliagpkx - ok
16:21:27.0021 7636 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
16:21:27.0086 7636 umbus - ok
16:21:27.0090 7636 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\windows\system32\drivers\umpass.sys
16:21:27.0092 7636 UmPass - ok
16:21:27.0247 7636 [ 7e5e1603d0ff2d240ae70295c5c3fefc ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:21:27.0399 7636 UNS - ok
16:21:27.0429 7636 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\windows\System32\upnphost.dll
16:21:27.0444 7636 upnphost - ok
16:21:27.0471 7636 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:21:27.0565 7636 usbccgp - ok
16:21:27.0601 7636 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\windows\system32\drivers\usbcir.sys
16:21:27.0611 7636 usbcir - ok
16:21:27.0628 7636 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\windows\system32\drivers\usbehci.sys
16:21:27.0700 7636 usbehci - ok
16:21:27.0721 7636 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:21:27.0759 7636 usbhub - ok
16:21:27.0786 7636 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\windows\system32\drivers\usbohci.sys
16:21:27.0821 7636 usbohci - ok
16:21:27.0861 7636 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
16:21:27.0868 7636 usbprint - ok
16:21:27.0884 7636 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:21:27.0957 7636 USBSTOR - ok
16:21:27.0971 7636 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\windows\system32\drivers\usbuhci.sys
16:21:28.0026 7636 usbuhci - ok
16:21:28.0052 7636 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
16:21:28.0092 7636 usbvideo - ok
16:21:28.0110 7636 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\windows\System32\uxsms.dll
16:21:28.0115 7636 UxSms - ok
16:21:28.0157 7636 [ 81a9f455bf2c9180348949f7c8d93e66 ] VaneFltr C:\windows\system32\drivers\Lachesis.sys
16:21:28.0194 7636 VaneFltr - ok
16:21:28.0210 7636 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\windows\system32\lsass.exe
16:21:28.0211 7636 VaultSvc - ok
16:21:28.0237 7636 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
16:21:28.0241 7636 vdrvroot - ok
16:21:28.0266 7636 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\windows\System32\vds.exe
16:21:28.0323 7636 vds - ok
16:21:28.0345 7636 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:21:28.0348 7636 vga - ok
16:21:28.0357 7636 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\windows\System32\drivers\vga.sys
16:21:28.0361 7636 VgaSave - ok
16:21:28.0371 7636 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\windows\system32\drivers\vhdmp.sys
16:21:28.0411 7636 vhdmp - ok
16:21:28.0423 7636 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\windows\system32\drivers\viaide.sys
16:21:28.0427 7636 viaide - ok
16:21:28.0441 7636 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\windows\system32\drivers\volmgr.sys
16:21:28.0478 7636 volmgr - ok
16:21:28.0499 7636 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:21:28.0503 7636 volmgrx - ok
16:21:28.0519 7636 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\windows\system32\drivers\volsnap.sys
16:21:28.0560 7636 volsnap - ok
16:21:28.0564 7636 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
16:21:28.0570 7636 vsmraid - ok
16:21:28.0633 7636 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\windows\system32\vssvc.exe
16:21:28.0753 7636 VSS - ok
16:21:28.0785 7636 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:21:28.0794 7636 vwifibus - ok
16:21:28.0828 7636 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:21:28.0842 7636 vwififlt - ok
16:21:28.0884 7636 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
16:21:28.0896 7636 vwifimp - ok
16:21:28.0933 7636 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\windows\system32\w32time.dll
16:21:28.0954 7636 W32Time - ok
16:21:28.0976 7636 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\windows\system32\drivers\wacompen.sys
16:21:28.0986 7636 WacomPen - ok
16:21:29.0035 7636 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:21:29.0134 7636 WANARP - ok
16:21:29.0148 7636 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:21:29.0150 7636 Wanarpv6 - ok
16:21:29.0232 7636 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
16:21:29.0333 7636 WatAdminSvc - ok
16:21:29.0394 7636 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\windows\system32\wbengine.exe
16:21:29.0509 7636 wbengine - ok
16:21:29.0535 7636 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
16:21:29.0547 7636 WbioSrvc - ok
16:21:29.0567 7636 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\windows\System32\wcncsvc.dll
16:21:29.0624 7636 wcncsvc - ok
16:21:29.0650 7636 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:21:29.0654 7636 WcsPlugInService - ok
16:21:29.0680 7636 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\windows\system32\drivers\wd.sys
16:21:29.0686 7636 Wd - ok
16:21:29.0723 7636 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
16:21:29.0750 7636 Wdf01000 - ok
16:21:29.0771 7636 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\windows\system32\wdi.dll
16:21:29.0783 7636 WdiServiceHost - ok
16:21:29.0788 7636 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\windows\system32\wdi.dll
16:21:29.0793 7636 WdiSystemHost - ok
16:21:29.0823 7636 [ 94dc2bf6cbaaa95e369c3756d3115a76 ] wdkmd C:\windows\system32\DRIVERS\WDKMD.sys
16:21:29.0878 7636 wdkmd - ok
16:21:29.0903 7636 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\windows\System32\webclnt.dll
16:21:29.0932 7636 WebClient - ok
16:21:29.0948 7636 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\windows\system32\wecsvc.dll
16:21:29.0955 7636 Wecsvc - ok
16:21:29.0967 7636 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\windows\System32\wercplsupport.dll
16:21:29.0969 7636 wercplsupport - ok
16:21:29.0999 7636 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\windows\System32\WerSvc.dll
16:21:30.0001 7636 WerSvc - ok
16:21:30.0027 7636 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
16:21:30.0030 7636 WfpLwf - ok
16:21:30.0102 7636 [ 64de79bf805724f0606fe7b3b2f13784 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
16:21:30.0272 7636 WiMAXAppSrv - ok
16:21:30.0299 7636 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\windows\system32\drivers\wimmount.sys
16:21:30.0306 7636 WIMMount - ok
16:21:30.0325 7636 WinDefend - ok
16:21:30.0338 7636 WinHttpAutoProxySvc - ok
16:21:30.0395 7636 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
16:21:30.0411 7636 Winmgmt - ok
16:21:30.0492 7636 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\windows\system32\WsmSvc.dll
16:21:30.0562 7636 WinRM - ok
16:21:30.0629 7636 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\windows\System32\wlansvc.dll
16:21:30.0667 7636 Wlansvc - ok
16:21:30.0721 7636 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:21:30.0783 7636 wlcrasvc - ok
16:21:30.0895 7636 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:21:30.0997 7636 wlidsvc - ok
16:21:31.0019 7636 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
16:21:31.0025 7636 WmiAcpi - ok
16:21:31.0060 7636 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
16:21:31.0074 7636 wmiApSrv - ok
16:21:31.0118 7636 WMPNetworkSvc - ok
16:21:31.0155 7636 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\windows\System32\wpcsvc.dll
16:21:31.0169 7636 WPCSvc - ok
16:21:31.0190 7636 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
16:21:31.0255 7636 WPDBusEnum - ok
16:21:31.0278 7636 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
16:21:31.0280 7636 ws2ifsl - ok
16:21:31.0311 7636 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\windows\system32\wscsvc.dll
16:21:31.0319 7636 wscsvc - ok
16:21:31.0324 7636 WSearch - ok
16:21:31.0352 7636 [ 83575c43b2bfe9ab0661a7f957e843c0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
16:21:31.0408 7636 wsvd - ok
16:21:31.0495 7636 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\windows\system32\wuaueng.dll
16:21:31.0533 7636 wuauserv - ok
16:21:31.0555 7636 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\windows\system32\drivers\WudfPf.sys
16:21:31.0632 7636 WudfPf - ok
16:21:31.0660 7636 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
16:21:31.0737 7636 WUDFRd - ok
16:21:31.0770 7636 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
16:21:31.0824 7636 wudfsvc - ok
16:21:31.0836 7636 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\windows\System32\wwansvc.dll
16:21:31.0845 7636 WwanSvc - ok
16:21:31.0885 7636 [ 2ee48cfce7ca8e0db4c44c7476c0943b ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
16:21:31.0947 7636 xusb21 - ok
16:21:31.0971 7636 ================ Scan global ===============================
16:21:32.0001 7636 (ba0cd8c393e8c9f83354106093832c7b) C:\windows\system32\basesrv.dll
16:21:32.0031 7636 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
16:21:32.0065 7636 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
16:21:32.0088 7636 (d6160f9d869ba3af0b787f971db56368) C:\windows\system32\sxssrv.dll
16:21:32.0123 7636 (24acb7e5be595468e3b9aa488b9b4fcb) C:\windows\system32\services.exe
16:21:32.0133 7636 [Global] - ok
16:21:32.0134 7636 ================ Scan MBR ==================================
16:21:32.0150 7636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:21:32.0285 7636 \Device\Harddisk0\DR0 - ok
16:21:32.0285 7636 ================ Scan VBR ==================================
16:21:32.0289 7636 Boot (0x1200) (b0f38ad41a9bcc33f104a427261bd858) \Device\Harddisk0\DR0\Partition1
16:21:32.0291 7636 \Device\Harddisk0\DR0\Partition1 - ok
16:21:32.0303 7636 Boot (0x1200) (a7004ba603ce9dd1d5e5b0b0e3e6ce29) \Device\Harddisk0\DR0\Partition2
16:21:32.0306 7636 \Device\Harddisk0\DR0\Partition2 - ok
16:21:32.0335 7636 Boot (0x1200) (cc521d832b609aa57302c2d8bfdfd46c) \Device\Harddisk0\DR0\Partition3
16:21:32.0337 7636 \Device\Harddisk0\DR0\Partition3 - ok
16:21:32.0338 7636 ============================================================
16:21:32.0338 7636 Scan finished
16:21:32.0338 7636 ============================================================
16:21:32.0351 6264 Detected object count: 0
16:21:32.0351 6264 Actual detected object count: 0

Edited by qzahk, 16 August 2012 - 03:30 PM.


#8 qzahk

qzahk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 16 August 2012 - 03:59 PM

During the first scan of aswMBR, a blue screen covered my monitor and said something about the system encountering an error and having to shut down. There were a lot of other things written as well, but I wasn't able to catch them before my computer shut down.

After the computer had automatically restarted, I was able to run the scan a second time without errors.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 16:39:18
-----------------------------
16:39:18.380 OS Version: Windows x64 6.1.7601 Service Pack 1
16:39:18.380 Number of processors: 4 586 0x2A07
16:39:18.380 ComputerName: JIMMY-PC UserName: Jimmy
16:39:20.174 Initialize success
16:39:27.694 AVAST engine defs: 12081600
16:39:46.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:39:46.492 Disk 0 Vendor: TOSHIBA_ GJ20 Size: 610480MB BusType: 3
16:39:46.570 Disk 0 MBR read successfully
16:39:46.585 Disk 0 MBR scan
16:39:46.585 Disk 0 Windows 7 default MBR code
16:39:46.616 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
16:39:46.632 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 565478 MB offset 411648
16:39:46.648 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 1158510592
16:39:46.819 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 1219319808
16:39:47.287 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 1158512640
16:39:47.708 Disk 0 scanning C:\windows\system32\drivers
16:40:18.318 Service scanning
16:42:30.578 Modules scanning
16:42:30.908 Disk 0 trace - called modules:
16:42:30.978 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:42:30.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e82060]
16:42:30.988 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800630b050]
16:42:40.040 AVAST engine scan C:\windows
16:42:55.912 AVAST engine scan C:\windows\system32
16:48:57.470 AVAST engine scan C:\windows\system32\drivers
16:49:22.109 AVAST engine scan C:\Users\Jimmy
16:54:17.954 AVAST engine scan C:\ProgramData
16:55:57.468 Scan finished successfully
16:57:15.742 Disk 0 MBR has been saved successfully to "C:\Users\Jimmy\Desktop\MBR.dat"
16:57:15.752 The log file has been saved successfully to "C:\Users\Jimmy\Desktop\aswMBR.txt"

Edited by qzahk, 16 August 2012 - 04:01 PM.


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 17 August 2012 - 05:55 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 17 August 2012 - 05:55 AM

Double post - sorry :whistle:

Edited by gringo_pr, 17 August 2012 - 05:56 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 qzahk

qzahk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 17 August 2012 - 09:33 PM

Hey Gringo,

I am still experiencing the same Google Chrome google redirection problems.


ComboFix 12-08-17.03 - Jimmy 08/17/2012 22:03:55.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4115 [GMT -4:00]
Running from: c:\users\Jimmy\Downloads\ComboFix.exe
Command switches used :: c:\users\Jimmy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\gt.exe
c:\windows\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 02:14 . 2012-08-18 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 01:30 . 2012-08-15 01:30 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-14 03:40 . 2012-08-18 01:58 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-11 00:10 . 2012-08-11 00:10 -------- d-----w- c:\program files\iPod
2012-08-11 00:10 . 2012-08-11 00:11 -------- d-----w- c:\program files\iTunes
2012-08-11 00:10 . 2012-08-11 00:11 -------- d-----w- c:\program files (x86)\iTunes
2012-07-28 14:43 . 2012-07-28 14:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-28 14:42 . 2012-07-28 14:42 -------- d-----w- c:\program files (x86)\Oracle
2012-07-28 14:41 . 2012-07-28 14:41 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 01:30 . 2012-04-09 16:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 01:30 . 2011-09-13 22:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 02:06 . 2012-01-09 22:07 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:08 . 2012-07-11 04:02 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 00:59 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 00:59 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 00:59 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 00:59 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 00:59 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 00:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 00:59 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 15:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:45 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:45 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 04:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 04:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 04:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 04:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 04:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 04:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 04:00 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 04:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 04:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 04:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 04:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 04:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 04:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 04:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 04:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 04:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 04:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 04:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 04:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 00:59 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 00:59 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 00:59 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 00:59 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 00:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 00:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 00:59 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 00:59 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 00:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_02.24.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-15 02:22 . 2012-08-15 02:22 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-08-15 02:45 . 2012-08-15 02:45 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-08-15 20:00 50812 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 20:39 35892 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-13 21:18 . 2012-08-16 20:39 13142 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3305895179-3876048008-1414156011-1000_UserData.bin
+ 2011-08-11 11:48 . 2012-08-18 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-11 11:48 . 2012-08-15 02:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-11 11:48 . 2012-08-18 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-11 11:48 . 2012-08-15 02:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-16 16:50 . 2012-02-16 16:50 75104 c:\windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-08-18 02:02 . 2012-08-18 02:02 75104 c:\windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-08-18 02:01 . 2012-08-18 02:03 4190 c:\windows\SoftwareDistribution\PostRebootEventCache\{D362A40C-F580-4B95-93FD-82B584BB2163}.bin
- 2012-08-15 02:24 . 2012-08-15 02:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-15 19:58 . 2012-08-16 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 02:24 . 2012-08-15 02:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 19:58 . 2012-08-16 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-13 21:35 . 2012-08-18 01:57 294376 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-28 19:45 633770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 20:43 633770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 20:43 111114 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-28 19:45 111114 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-15 02:22 243680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-15 02:45 243680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-04 12:01 . 2012-07-04 12:01 9082368 c:\windows\Installer\64fd413.msp
+ 2012-07-04 11:58 . 2012-07-04 11:58 6163456 c:\windows\Installer\64fd409.msp
+ 2009-07-14 02:34 . 2012-08-18 02:01 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-07-11 14:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-09-13 21:13 . 2012-08-15 02:23 50657404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3305895179-3876048008-1414156011-1000-8192.dat
+ 2011-09-13 21:13 . 2012-08-15 02:45 50657404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3305895179-3876048008-1414156011-1000-8192.dat
+ 2012-08-18 02:02 . 2012-08-18 02:02 10395648 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-11 39408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-13 3077528]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-02 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-17 30336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-11 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-11 39008]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-12-09 23648]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-11 13408]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys [2011-08-11 55880]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-10-31 35952]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-11 29792]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2010-12-15 8200552]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:30]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 12:30]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 12:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-03-01 1617920]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-11 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-11 5908928]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-11 114688]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\zcvi012k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-17 22:30:03
ComboFix-quarantined-files.txt 2012-08-18 02:29
ComboFix2.txt 2012-08-15 02:28
.
Pre-Run: 480,106,569,728 bytes free
Post-Run: 479,921,254,400 bytes free
.
- - End Of File - - F38216ED2A45DC2E24B630B7E04E32FC

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 17 August 2012 - 09:58 PM

greetings


while in chrome I want you to click on the wrench at the upper right hand and then click on tools, now select extentions and see if you have one called default and if you do I want you to delete this and then restart chrome and see if it still redirects



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 qzahk

qzahk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 18 August 2012 - 09:40 AM

Gringo,

The redirection persists.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 18 August 2012 - 02:08 PM

Hello qzahk


was there a extension called default?


I want you to uninstall chrome and if asked about user data or settings then remove that also

restart the computer and reinstall chrome
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 qzahk

qzahk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 18 August 2012 - 07:03 PM

Hello Gringo,

I am no longer getting google redirected in Google Chrome after the reinstall. To answer your question, yes there was an extension called default.

Thanks for all your help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users